The tool used to take data from San Bernardino terrorist Syed Farook’s iPhone likely only works on a “narrow slice of phones,” and almost certainly does not work on the iPhone 5S or 6, FBI chief James Comey said.
The FBI director made the remarks during an address at Kenyon College in Ohio on Wednesday evening. The federal law enforcement agency was locked in a court battle with Apple to crack the iPhone 5C running iOS 9 used by Farook until an unidentified third-party came forward with a technique the FBI used to get data from the device.
“Someone outside the government, in response to that attention, came up with a solution, one that I am confident will be closely protected and used lawfully and appropriately,” Comey said, adding that the government "purchased" the tool. Apple has so far not been told by the government how it managed to get past the iPhone’s safeguards, leaving the company with a very public hole in its security.
Federal agencies do have a non-binding process used when reviewing whether or not a newly discovered security flaw should be revealed to technology companies. Intelligence agencies, criminals, and hackers all value these so-called “zero days” for the access they can provide to software and devices.
“We’re having discussions within the government about, OK, so should we tell Apple what the flaw is that was found. That’s an interesting conversation, because we tell Apple, they’re going to fix it, and then we’re back where we started from,” Comey said.
“As silly as that may sound, we may end up there, we just haven’t decided yet.”
“If we decide not to disclose it to Apple, it’s still quite perishable and it will disappear if Apple changes its software in some way," Comey said of the technique in response to a question. "It will also disappear if we use it in a criminal case and then it has to be disclosed."
While the government’s case against Apple in California was dropped at the end of March, the discussion around encryption and security has continued. A spokesman for Senator Dianne Feinstein confirmed to NBC News on Wednesday that the lawmaker had received a briefing on the FBI’s technique, but did not provide any other details.
"I don't believe the government has any obligation to Apple," Feinstein said in a statement shared by her office. "No company or individual is above the law, and I'm dismayed that anyone would refuse to help the government in a major terrorism investigation."
Feinstein and Senator Richard Burr are expected to introduce an encryption bill as soon as this week. The popular messaging service WhatsApp, which is owned by Facebook and has 1 billion users worldwide, enacted “end-to-end” encryption on Tuesday, meaning that only the sender and a receiver of a message can see what is said.
Comey has been at the head of a group of law enforcement officials that has raised concerns about criminals and terrorists using encryption and other technology to “go dark” — a position that has been criticized by technologists and privacy advocates.
“What if law enforcement had a phone owned by somebody that abducted your sister? Or a phone used by a suicide bomber who blew up the train station in your home town?” Comey said on Wednesday.
“There is no such thing as absolute privacy in America.”